Sun Java System Identity Manager 6.0 Resources Reference 2005Q4M3 |
HP-UXThe HP-UX resource adapter is defined in the com.waveset.adapter.HPUXResourceAdapter class.
This adapter supports the following versions of HP-UX:
Resource Configuration Notes
If you will be using SSH (Secure Shell) for communication between the resource and Identity Manager, set up SSH on the resource before configuring the adapter.
Identity Manager Installation Notes
No additional installation procedures are required on this resource.
Usage Notes
The HP-UX resource adapter primarily provides support for the following HP-UX commands:
For more information about supported attributes and files, refer to the HP-UX manual pages for these commands.
When a rename of a user account is executed on a HP-UX resource, the group memberships are moved to the new user name. The user's home directory is also renamed if the following conditions are true:
The Bourne-compliant shell (sh, ksh) must be used as the root shell when connecting to a UNIX resource (AIX, HP-UX, Solaris, or Linux).
Security Notes
This section provides information about supported connections and privilege requirements.
Supported Connections
Identity Manager uses the following connections to communicate with the HP-UX adapter.
Required Administrative Privileges
The adapter supports logging in as a standard user, then performing a su command to switch to root (or root-equivalent account) to perform administrative activities. Direct logins as root user are also supported.
The adapter also supports the sudo facility (version 1.6.6 or later), which can be installed on HP-UX 11i from the HP-UX Internet Express CD. sudo allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root or another user.
In addition, if sudo is enabled for a resource, its settings will override those configured on the resource definition page for the root user.
If you are using sudo, you must set the tty_tickets parameter to true for the commands enabled for the Identity Manager administrator. Refer to the man page for the sudoers file for more information.
The administrator must be granted privileges to run the following commands with sudo:
In addition, the NOPASSWORD option must be specified for each command.
You can use a test connection to test whether
Provisioning Notes
The following table summarizes the provisioning capabilities of this adapter.
You can define resource attributes to control the following tasks for all users on this resource:
Account Attributes
The following table lists the HP-UX user account attributes.
Notes:
Resource Object Management
Identity Manager manages the following native HP-UX objects:
Resource Object
Supported Features
Attributes Managed
Group
Create, update, delete, rename, save as
groupName, gid, users
Identity Template
$accountId$
Sample Forms
Built-In
Also Available
HP-UXUserForm.xml
Troubleshooting
Use the Identity Manager debug pages to set trace options on the following classes: